325 Open source projects that are alternatives of or similar to dependency-track-maven-plugin

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Deploy, update, and stage your WAFs while managing them centrally via FMS.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

The DevSecOps toolset for REST APIs

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

secureCodeBox (SCB) - continuous secure delivery out of the box

Scalafmt plugin for maven

OWASP Dependency Track API client for intergration into CI/CD pipeline

Application Security Automation

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

POC about usage of JSON Web Tokens (JWT) in a secure way.

OWASP ZAP addon for finding vulnerabilities in JWT Implementations

Software Component Verification Standard (SCVS)

Owasp Zap chart for Kubernetes

Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation

CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

GitHub Data Loss Prevention (DLP) Action: Scan Pull Requests for sensitive data, like credentials & secrets, PII, credit card numbers, and more.

Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.

www.mojohaus.org/wagon-maven-plugin/

Integrate SonarQube scanner to GitHub Actions

Growing repository of Infrastructure as Code demos (initially created for DevOps Wall Street)

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Parsing Java's pom.xml and properly returning the json object, including attributes and values.

XML Maven Plugin

A place for documenting threats and mitigations related to containers orchestrators (Kubernetes, Swarm etc)

A web application that contains several unit tests for the purpose of .NET security

Docker repository for OWTF (64-bit Kali)

Native-image plugins for various build tools

www.mojohaus.org/aspectj-maven-plugin/

All the base POMs in the world.

A DevSecOps framework powered by Nix.

🧩 Old GroupIds Alerter - A Maven plugin that checks for deprecated groupId+artifactId (e.g. did you know that graphql-spring-boot-starter moved from com.graphql-java to com.graphql-java-kickstart?).

🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment

A light-weight app to audit and inventory large codebases for open source license compliance.

This extension will set project version, based on current Git branch or tag.

JPA Schema Generator Plugin

Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)

This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.

For more notes, see notes-and-code-about-learning

Improve your code security by running different security checks/validation in a simple way.

Framework for Testing WAFs (FTW!)

Deploys resources to AWS using maven

This is the Azure Kubernetes Service (AKS) baseline cluster for regulated workloads reference implementation as produced by the Microsoft Azure Architecture Center.

Enables automatic refactoring and linting of Maven projects written in Scala using Scalafix.

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

This repository for training application security.

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

GitHub Advance Security Compliance Action

Protect and discover secrets using Gitleaks 🔑

Build integrator for Java, Scala, Scala.macro, Scala.js, Scala.native, Eclipse and Maven.

Apache Maven Wrapper Plugin

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

Demo - how to easily build security testing for Web App, using Zap and Glue